Ed Felten: Why Email Services Should Be Court-Order Resistant
Jah-Wren Ryel sends this excerpt from Ed Felten at Freedom to Tinker:
"Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack. To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.
From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company."
So a court case that was created as a knee-jerk response to Snowden is arguing that organizations shouldn't take steps to prevent leaks like Snowden...
But, as the story yesterday showed, only the company the warrant is issued against can challenge it, not the person they want to collect information about.
So they may well violate your 5th Amendment rights, but the only one who can do anything about it is a company whose primary purpose is to minimize cost and maximize shareholder value. Not to protect your rights.
So, adding 2 and 2 together, you don't have any rights.
They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?
The real question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.